Bug#375534: Normal unix file system permission (no security breach)

Helge Kreutzmann debian at helgefjell.de
Mon Jun 26 20:26:05 UTC 2006


severity 375534 minor
retitle 375534 vorbisinfo should warn before replacing non-writable files
tags 375534 - security
thanks robot

This is not a (security) bug but normal behaviour. Let me explain what
happens. To follow, please run the following two commands:
ls -ld $PWD
strace vorbiscomment -a -t 'baz=foo' your.ogg > bazlog 2>&1

(Please replace your.ogg by a test ogg file with the same permissions
as in your last case!)

First: You should see that you are allowed to write to the current
directory. Now if you look at "bazlog" you find the following entries:
open("your.ogg", O_RDONLY)  = 3
open("your.ogg.vctemp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4

So your original file is opened for reading, and a new one is opened
for writing.

In the next lines your file is copied (with a modified vorbis comment)
from the first (original) file to the new version. Now near the end of
bazlog you see:
close(3)                                = 0
...
close(4)                                = 0
...
rename("your.ogg.vctemp", "your.ogg") = 0

So first the original file is closed, next the copy is closed, and
finally the copy overwrites the original (run "man 2 rename" for 
details). Since you have write permission in the directory, the files
may be deleted. See your favourite Unix guide in the section of file
and directory permissions.

To the maintainer:
It might be wise to not blindly rely on the unix permissions per se,
as a user might expect an in-place edit (and only look at the
permission). This is supported in the man page of vorbiscomment:

    -a     Append comments.

Maybe vorbisinfo should emit a warning if a file is not available for
writing. Otherwise please improve the man page to avoid this illusion.

Greetings

             Helge


-- 
      Dr. Helge Kreutzmann                     debian at helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
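
The open/close/rename sequence from the trace above, together with the warning the message asks the maintainer for, as an added example (not vorbiscomment's code and not part of the original mail). The names replace_file, is_write_protected and demo, the return codes and the /tmp path are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return codes for replace_file() (names are this example's own). */
enum { REPLACED = 0, REFUSED_READONLY = 1, FAILED = -1 };

/* True if the file lacks the owner write bit. Mode bits are checked instead
 * of access(2) so the answer is the same when the program runs as root. */
static int is_write_protected(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 && !(st.st_mode & S_IWUSR);
}

/* Write `data` to "<path>.vctemp" and rename it over `path`, as in the trace.
 * Unless `force` is set, warn and refuse when the target is write-protected. */
int replace_file(const char *path, const char *data, int force) {
    char tmp[4096];
    if (!force && is_write_protected(path)) {
        fprintf(stderr, "warning: %s is not writable, not replacing it\n", path);
        return REFUSED_READONLY;
    }
    if (snprintf(tmp, sizeof tmp, "%s.vctemp", path) >= (int)sizeof tmp) return FAILED;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return FAILED;
    size_t len = strlen(data);
    int ok = write(fd, data, len) == (ssize_t)len;
    if (close(fd) != 0) ok = 0;
    /* rename(2) needs write permission on the directory, not on `path`. */
    if (!ok || rename(tmp, path) != 0) { unlink(tmp); return FAILED; }
    return REPLACED;
}

/* Constructed demo: a mode-0444 file in a fresh, writable directory.
 * Returns 1 if the guarded call refused and the forced call replaced it. */
int demo(void) {
    char dir[64], path[96];
    snprintf(dir, sizeof dir, "/tmp/vcdemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;   /* fails if the name already exists */
    snprintf(path, sizeof path, "%s/your.ogg", dir);
    int fd = open(path, O_WRONLY | O_CREAT, 0444);
    if (fd < 0 || write(fd, "old", 3) != 3 || close(fd) != 0) return -1;
    int refused = replace_file(path, "new", 0) == REFUSED_READONLY;
    int forced = replace_file(path, "new", 1) == REPLACED;
    unlink(path); rmdir(dir);
    return refused && forced;
}
```

The forced call succeeds on the 0444 file because only the directory's permissions govern rename, which is the behaviour the strace output shows.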